Quiz on API Security
Test your understanding of the concepts related to security in API design.
9
Consider a situation where a company utilizes API keys to grant access to its API’s endpoints. When making calls to the API, they decide to send the key embedded in the URL instead of the header of the request because it’s easier to use. Is this new method secure?
Your Answer
A)Yes
Correct Answer
B)No
Explanation
The key should be put in the HTTP Authorization header and not the URL. URLs are public entities, and if API keys are embedded in them (in plaintext without encryption), there is a high chance that they will get leaked. Therefore, the new method that the company employs is not secure.
Question 9 of 99 attempted
High-Level View of Security in APIs
API Versioning